Records Management Policy

Transcription

1 Records Management Policy RECORDS MANAGEMENT POLICY STATEMENT Skills Development Scotland (SDS) will ensure the effective management of the information it holds and that any information classified as a record is accurate, complete, up-to date and secure and is managed and disposed of appropriately to meet all SDS statutory, regulatory, operational, administrative and accountability requirements. In particular the management of SDS information aims to meet the requirements of the Public Records (Scotland) Act 2011, the Freedom of Information (Scotland) Act 2002 (section 61 Code of Practice on Records Management) and the Data Protection Act The policy applies to all the information SDS holds and classified as records, including records in all formats received, created and maintained by SDS staff in the course of their work.

2 Document Control: Title Records Management Policy Prepared By PRSA Executive Reviewed By Head of Corporate Office Signed off By Executive Leadership Group (ELG) Version Number 1.0 Review Frequency Annually Next Review Date February 2015 Version Control: Version Date Status Prepared by Reason for Amendment 2

4 1. Introduction and context Information is every organisation's most basic and essential asset, and in common with any other business asset, recorded information requires effective management. Records management ensures information is appropriately classified and can be accessed easily, can be destroyed appropriately when no longer needed, and enables organisations not only to function on a day to day basis, but also to fulfil legal and financial requirements. This policy governs the management of all information classified as records in all formats that are received, created and maintained by SDS staff in the course of their work. In addition to being sound business practice legislation is increasingly underlining the importance of good records management. Compliance with Freedom of Information and Data Protection legislation is underpinned by effective records management: without properly organised and retrievable records, requests for information governed by statutory response timescales would be impossible to service. The Public Records (Scotland) Act 2011 received Royal Assent on 20 April It is the first new public records legislation in Scotland for over 70 years. The Act will affect Skills Development Scotland and named public authorities in Scotland including local authorities, NHS, police and courts, as well as the Scottish Government and Scottish Parliament. They are now obliged to prepare and implement a records management plan (RMP) which sets out proper arrangements for the management of their records. RMPs will be agreed with the Keeper and should be regularly reviewed. Where authorities fail to meet their obligations under the Act, the Keeper has powers to undertake records management reviews and issue action notices for improvement. The Act has raised the profile of records management across the public sector in Scotland and will lead to the introduction of improvements and efficiencies in public record keeping. As well as increasing business efficiency and effectiveness, and thereby helping organisations to respond better to their users needs, good records management also helps authorities to better monitor public services, maintain accurate records of the circumstances and experiences of individuals, and safeguard the records of vulnerable people. SDS works with a wide range of national and local partners to improve, align and integrate our services for customers. Our records support decision making, document activities, provide evidence of policies, decisions and transactions, and fundamentally underpin the daily work of the organisation. SDS recognises the key role of effective management of its records in order to be able to support these functions and deliver its core services. The benefits of records management Systematic management of records allows organisations to: know what records they have, and locate them easily increase efficiency and effectiveness make savings in administration costs, both in staff time and storage support decision making be accountable achieve business objectives and targets provide continuity in the event of a disaster meet legislative and regulatory requirements, particularly as laid down by the Freedom of Information (Scotland) Act and the Data Protection Act protect the interests of employees, clients and stakeholders 4

5 Records management offers tangible benefits to organisations, from economic good practice in reducing storage costs of documents, to enabling legislative requirements to be met. An unmanaged record system makes the performance of duties more difficult, costs organisations time, money and resources, and makes them vulnerable to security breaches, prosecution and embarrassment. In an unmanaged records environment, up to 10% of staff time is spent looking for information Purpose The purpose of this policy is to establish the framework for SDS records management procedures and practices and inform staff of their obligations when creating, managing and disposing of records. 3. Scope This policy will create a framework to ensure the efficient management of records and to enable SDS to deliver compliance with the Public Records (Scotland) Act 2011 (PRSA), the Freedom of Information (Scotland) Act 2002 (FOISA) and the Data Protection Act 1998 (DPA). The policy also sets out elements of best practice for creating, using, retaining and disposing of records. It is intended that SDS move within an agreed timeframe from, as a minimum, ensuring compliance with all applicable legislative requirements towards demonstrating good and best practice in its records management, as part of SDS s commitment to organisational excellence. The policy applies to all records in all formats received, created, and maintained by all staff in SDS in the course of their work and provides an explicit organisational commitment to the effective management of SDS records and associated information management functions. The policy applies to all staff, whether part-time, full-time, permanent, a contractor, temporary or seconded. 4. Definitions Record: Records are defined in the Code of Practice on Records Management 2 as follows: Information created, received and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of the business. This definition is taken from the British Standard dealing with records management, BS ISO 15489, published in An initial point to make is that records can be in any format. As the Code says (at paragraph 2 of Part 1): The code applies to all records irrespective of the technology used to create and store then or the type of information they contain. It includes, therefore, not only paper files series and digital records management systems but also business and information systems and the contents of websites. Recorded Information vs. Record In records management it is important to be clear about the difference between recorded information and a record. 1 As published on National Records of Scotland website. 2 Revised Code of Practice on Records Management issued in July 2009 by the Lord Chancellor under section 46 of the Freedom of Information Act

6 Recorded Information is any piece of information in any form, produced or received by an organisation or person. It can include databases, website, messages, word and excel files, letters, video, audio and memos. Some of this information will be ephemeral or of very short-term value and should never end up in a records management system (e.g. invitations to lunch, travel arrangements etc). Some information, classified as records, will need to be kept as evidence of business transactions, routine activities or as a result of legal obligations, such as policy documents. These should be placed into an official filing system and at this point, they become official records. In other words, all records start off as recorded information, but not all recorded information will ultimately become records. Information Asset: An information asset is a specific body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively. Information assets have recognisable and manageable value, risk content and lifecycles. Information Asset Owner: The role was created following the Government s Review of Data Handling in Government (DHR) in June 2008, which also established mandatory minimum measures for personal data handling in Government. Although it was created out of the Data Handling Review, which initially focused on personal data handling, the role is equally important for any information classified as a record or sensitive that is processed by SDS, whether or not it includes personal information. The IAO manages the information assets to comply with statutory obligations [(such as the Public Records (Scotland) Act 2011, the Freedom of Information (Scotland) Act 2002 and the Data Protection Act Vital Records: Vital Records are a subset of information classified as records without which SDS could not continue to function and which are deemed essential for purposes of business continuity Records Management: The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposal of recorded information and the classification and management of information classified as records. This includes the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of that information classified as records (ISO 15489). Retention Policy and Schedules: Policy and actions for the management of information through its life cycle and the rules for destruction or archiving of the information and records in a particular class determined on the basis of administrative, legal and audit needs. Disposal Policy and Arrangements: Policy and final action on a series of records e.g. destruction or preservation for a specified period. 6

7 5. Principles and features of good records management: The guiding principle of records management is to ensure that information is available when and where it is needed, in an organised and efficient manner, and in a well maintained environment. Organisations must ensure that information classified as records are: Authentic It must be possible to prove that records are what they purport to be and who created them, by keeping a record of their management through time. Where information is later added to an existing document within a record, the added information must be signed and dated. With electronic records, changes and additions must be identifiable through audit trails. Accurate Records must accurately reflect the transactions that they document. Accessible Records must be readily available when needed. Complete Records must be sufficient in content, context and structure to reconstruct the relevant activities and transactions that they document. Comprehensive Records must document the complete range of an organisation's business. Compliant Records must comply with any record keeping requirements resulting from legislation, audit rules and other relevant regulations. Effective Records must be maintained for specific purposes and the information contained in them must meet those purposes. Records will be identified and linked to the business process to which they are related. Secure Records must be securely maintained to prevent unauthorised access, alteration, damage or removal. They must be stored in a secure environment, the degree of security reflecting the sensitivity and importance of the contents. Where records are migrated across changes in technology, the evidence preserved must remain authentic and accurate. 6. Objectives: As all SDS staff are involved in the creation, receipt, management and disposal of SDS information and records, it is important that everyone is aware of their records management responsibilities and the importance of records management for achieving SDS business objectives, delivering efficient and effective business practices and meeting external requirements. Systematic records management is fundamental to the operation of the organisation and this policy will ensure responsibilities are allocated in relation to the information that staff produce and handle. SDS must meet statutory and regulatory requirements in the management of its operational and administrative information. Consistent application of records management practices will ensure SDS records are accurate, up-to-date, complete and secure and are managed and disposed of appropriately. This policy and supporting procedural; guidance will also ensure that all members of staff understand what their responsibilities are in relation to the information they produce and handle. 7

8 7. Policy Authorisation and Review This policy will be considered for approval by the Executive Leadership Group (ELG) and will be reviewed annually or more frequently as circumstances require. 8. Records Life Cycle Process SDS will manage its records effectively and efficiently to support all of its business activities in line with the SDS strategy and to meet statutory and regulatory requirements. SDS will provide records management guidance to all units/ staff and ensure all staff understand their responsibilities. Information classified as records should be clearly identifiable, accessible and retrievable. Their content should correctly and completely reflect what was communicated, decided or done. Records systems should be secure and their creation, management, storage and disposal should comply with the current legislation. 8.1 Records Creation Records are created daily as an indispensable part of SDS functions and services. They should be managed appropriately to the business activity of SDS and according to all related policies and procedures. 8.2 Records storage Records should be stored in a consistent order and be protected appropriately. Records storage areas should provide a safe working environment with secure storage that allows records to be retrieved at all times. These areas should only be accessible to authorised staff. Records should not be moved without authorisation. Electronic records stored on the network drives should be stored in the relevant structure to which the record relates and kept with other related records. Records should not be solely stored in personal folders. In the future, records should be stored in accordance with the SDS agreed classification scheme and this will allow both physical and electronic records to follow a common structure. 8.3 Records management Managing information and maintaining proper records is vital to SDS. SDS has a number of business critical information systems e.g. CSS, CTS, Agresso etc. These are designated as key information assets. Each information asset system should have explicitly defined procedures for the ongoing management of the record from initiation to final disposal in accordance with current legislation, policies and procedures. 8.4 Records disposal Records should be disposed of according to SDS disposal policy and arrangements. They should not be disposed of before the time the retention schedule stipulates or retained longer than is agreed. Before records are destroyed, staff should ensure that there are no enquires for information outstanding, related to that record. Where a record does not have a specified retention schedule, staff should endeavour to establish good practice retention for this type of record and seek relevant approvals for this to become part of SDS s retention schedule. Any temporary information, which is not classified as a record, should be disposed of as soon as it is no longer required. 8

9 9. Responsibilities 9.1 Executive Leadership Group/ Chief Executive The Executive Leadership Group (ELG) collectively, headed by the Chief Executive as Accountable Officer, has overall accountability for approving SDS Records Management Policy and Procedures and for ensuring their application throughout the organisation. 9.2 Information Governance Leadership Group Cross-directorate governance oversight for records management sits within the Information Governance Leadership Group (IGLG). IGLG will receive regular reports on records management implementation, compliance and practice improvement. 9.3 Corporate Office Management responsibility for coordinating records management policy and procedures and promoting, monitoring and reporting compliance with the policy lies with Corporate Office. This may include reviews and audits of records and developing and promoting good practice and procedures with all staff. 9.4 Heads of Service/ Information Asset Owners Heads of Service are responsible at local business levels for ensuring compliance with the records management policy and should encourage good records management practice. Heads of Service have been identified, trained and guided to take ownership of information assets so that all business critical information assets have clear ownership. Information asset owners are responsible for ensuring the availability and integrity of information made available to staff through the supporting business processes. An Information Asset Owner (IAO) is a mandated role, the individuals appointed as IAOs are responsible for ensuring that specific information assets are handled and managed appropriately. This means making sure that information assets are properly protected and that their value to Skills Development Scotland is fully exploited. IAOs can delegate responsibility to particular areas that can support them in their role but the IAO retains accountability for proper information management and handling. 9.5 Records Management Champions Designated Records Management Champions (RMCs) will be responsible at planning unit level for promoting and supporting operational implementation of records management policy and practice across SDS. They will also be responsible (with support from IGLG, Corporate Office and Heads of Service) for associated training, development and ongoing support of staff. 9.6 SDS Staff All staff within SDS have responsibility for all records that they use, manage, receive and dispose of and should ensure they follow the records management policy. They must ensure that all records are managed and disposed of according to all relevant SDS policies and should ensure that information is up to date and accurate. They must ensure that all records are managed in accordance with SDS Retention schedule and information classification and handling policy. 9

Records Management Policy If you need this information in another language or format, please contact us to discuss how we can best meet your needs. Phone 0303 123 1015 or email equalities@southlanarkshire.gov.uk

Records Management Plan April 2015 Prepared in accordance with the Public Records (Scotland) Act 2011 and submitted to the Keeper of the Records of Scotland for their agreement on 28 April 2015 (Revised

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000 Lord Chancellor s Code of Practice on the management of records issued under

RECORDS MANAGEMENT POLICY 1. POLICY OBJECTIVE 1.1 The University of South Africa (Unisa) has the responsibility to manage, store and retain certain documentation, records and other forms of information

Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of information and records within NZQA and assign

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information

Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland

1. Scope The City of Mount Gambier Records Management Policy provides the policy framework for Council to effectively fulfil its obligations and statutory requirements under the State Records Act 1997.

Records Management Checklist Foreword We fi rst developed the Records Management Checklist in 2008 to complement our performance audit Records Management in the Victorian Public Sector. At that time the

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,

RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations

Greater London Authority Records Management Policy 1. Purpose The purpose of the Records Management Policy is to establish a framework for the creation, maintenance, storage, use and disposal of GLA records,

Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.

RECORDS MANAGEMENT POLICY ADOPTED BY COUNCIL 13 JUNE 2006 REVIEWED BY COUNCIL 6 NOVEMBER 2006 REVIEWED BY COUNCIL 10 MAY 2010 1. INTRODUCTION The State Records Act 1997 governs the obligations and responsibilities

Records management policy Board library reference Document author Assured by Review cycle P017 Head of Compliance Audit and Risk Commitee 3 Years This document is version controlled. The master copy is

DISTRICT COUNCIL OF LOXTON WAIKERIE Records Management Policy Policy Identification: Adoption Date: 19 May 2006 Last Review: 17 April 2015 Next Review Date: April 2017 Every 2 years Responsible Officer(s):

The Moray Council Retention & Disposal Schedule for documents and records [paper and electronic] Scope and Explanation 1 Document Control Sheet Name of Document: The Moray Council Records Retention Schedule

Guide 1 What is records management? This guidance has been produced in support of the good practice recommendations in the Code of Practice on Records Management issued by the Lord Chancellor under section

1.1 Introduction Derbyshire County Council is dependent on its records to operate efficiently and to account for its actions. This policy defines a structure for Derbyshire County Council to ensure that

UNIVERSITY OF ST ANDREWS RECORDS MANAGEMENT POLICY (October 2003) I Introduction The University recognises that the efficient management of its records is necessary to support its core functions, to contribute

CORK INSTITUTE OF TECHNOLOGY RECORDS MANAGEMENT POLICY APPROVED BY GOVERNING BODY ON 2 APRIL 2009 INTRODUCTION What are Records? Records are documents created, used and maintained for business reasons.

INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

Introduction Information Governance Strategy 2015-2018 This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework

Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies

Public Records (Scotland) Act 2011 City of Edinburgh Council and Licensing Board Assessment Report The Keeper of the Records of Scotland 23 June 2016 Contents 1. Public Records (Scotland) Act 2011... 3

District Council of Yankalilla Elected Members Records Management Policy Strategic Reference File Reference Responsibility Revision Number Effective Date Last Revised Date Provide leadership, good governance,

PRIORITY RECOMMENDATIONS R1 BIS to elevate the profile of information risk in support of KIM strategy aims for the protection, management and exploitation of information. This would be supported by: Establishing